Total
5449 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5736 | 1 Fortinet | 1 Forticlient | 2024-11-21 | N/A |
| The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call. | ||||
| CVE-2015-5735 | 1 Fortinet | 1 Forticlient | 2024-11-21 | N/A |
| The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a 0x226108 ioctl call. | ||||
| CVE-2015-5723 | 3 Debian, Doctrine-project, Zend | 10 Debian Linux, Annotations, Cache and 7 more | 2024-11-21 | N/A |
| Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code. | ||||
| CVE-2015-5715 | 1 Wordpress | 1 Wordpress | 2024-11-21 | N/A |
| The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors. | ||||
| CVE-2015-5699 | 1 Cumulusnetworks | 1 Cumulus Linux | 2024-11-21 | N/A |
| The Switch Configuration Tools Backend (clcmd_server) in Cumulus Linux 2.5.3 and earlier allows local users to execute arbitrary commands via shell metacharacters in a cl-rctl command label. | ||||
| CVE-2015-5692 | 1 Symantec | 1 Web Gateway | 2024-11-21 | N/A |
| admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading a file with a safe extension and content type, and then leveraging an improper Sudo configuration to make this a setuid-root file. | ||||
| CVE-2015-5682 | 1 Powerplay Gallery Project | 1 Powerplay Gallery | 2024-11-21 | N/A |
| upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable. | ||||
| CVE-2015-5675 | 1 Freebsd | 1 Freebsd | 2024-11-21 | N/A |
| The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic). | ||||
| CVE-2015-5671 | 1 Techno Project Japan | 1 Enisys Gw | 2024-11-21 | N/A |
| Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to bypass intended access restrictions and read arbitrary uploaded files via unspecified vectors. | ||||
| CVE-2015-5663 | 1 Rarlab | 1 Winrar | 2024-11-21 | N/A |
| The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the user. | ||||
| CVE-2015-5645 | 1 Icz | 1 Matchasns | 2024-11-21 | N/A |
| ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to obtain administrative privileges via unspecified vectors. | ||||
| CVE-2015-5640 | 1 Basercms | 1 Basercms | 2024-11-21 | N/A |
| baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request. | ||||
| CVE-2015-5637 | 1 Newphoria Corporation | 1 1.1 | 2024-11-21 | N/A |
| The Newphoria Photon application before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | ||||
| CVE-2015-5636 | 1 Newphoria Corporation | 1 Reversi | 2024-11-21 | N/A |
| The Newphoria Reversi application before 1.0.3 for Android and before 1.2 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | ||||
| CVE-2015-5635 | 1 Newphoria Corporation | 1 Koritore | 2024-11-21 | N/A |
| The Newphoria Koritore application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | ||||
| CVE-2015-5634 | 1 Newphoria Corporation | 1 Megaphone Music | 2024-11-21 | N/A |
| The Newphoria MEGAPHONE MUSIC application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | ||||
| CVE-2015-5633 | 1 Newphoria Corporation | 1 Auction Camera | 2024-11-21 | N/A |
| The Newphoria Auction Camera application for iOS and before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | ||||
| CVE-2015-5632 | 1 Newphoria Corporation | 1 Applican | 2024-11-21 | N/A |
| The runtime engine in the Newphoria applican framework before 1.12.3 for Android and before 1.12.2 for iOS allows attackers to bypass a whitelist.xml URL whitelist protection mechanism and obtain API access via unspecified vectors. | ||||
| CVE-2015-5629 | 1 Ntt-bp | 1 Japan Connected-free Wi-fi | 2024-11-21 | N/A |
| The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | ||||
| CVE-2015-5618 | 1 Chiyutw | 2 Bf-630, Bf-630w | 2024-11-21 | N/A |
| Chiyu BF-630 and BF-630W fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify (a) Voice Time Set configuration settings via a request to voice.htm or (b) UniFinger configuration settings via a request to bf.htm, a different vulnerability than CVE-2015-2871. | ||||